Diffstat (limited to 'ChangeLog.txt')
-rw-r--r-- | ChangeLog.txt | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/ChangeLog.txt b/ChangeLog.txt index 4fdf5fbee..0f5483950 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -1,3 +1,39 @@ +Fri Oct 8 03:23:28 UTC 2021 +n/httpd-2.4.51-x86_64-1.txz: Upgraded. + SECURITY: CVE-2021-42013: Path Traversal and Remote Code + Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete + fix of CVE-2021-41773) (cve.mitre.org) + It was found that the fix for CVE-2021-41773 in Apache HTTP + Server 2.4.50 was insufficient. An attacker could use a path + traversal attack to map URLs to files outside the directories + configured by Alias-like directives. + If files outside of these directories are not protected by the + usual default configuration "require all denied", these requests + can succeed. If CGI scripts are also enabled for these aliased + pathes, this could allow for remote code execution. + This issue only affects Apache 2.4.49 and Apache 2.4.50 and not + earlier versions. + Credits: Reported by Juan Escobar from Dreamlab Technologies, + Fernando MuA+-oz from NULL Life CTF Team, and Shungo Kumasaka + For more information, see: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42013 + (* Security fix *) ++--------------------------+ +Thu Oct 7 19:12:20 UTC 2021 +a/kernel-generic-5.14.10-x86_64-1.txz: Upgraded. +a/kernel-huge-5.14.10-x86_64-1.txz: Upgraded. +a/kernel-modules-5.14.10-x86_64-1.txz: Upgraded. +d/kernel-headers-5.14.10-x86-1.txz: Upgraded. +k/kernel-source-5.14.10-noarch-1.txz: Upgraded. +kde/kio-5.86.0-x86_64-3.txz: Rebuilt. + Allow changing panel launcher icons. Thanks to RadicalDreamer and ctrlaltca. +n/epic5-2.1.6-x86_64-1.txz: Upgraded. +n/gnupg2-2.2.32-x86_64-1.txz: Upgraded. +xap/xpaint-3.1.4-x86_64-1.txz: Upgraded. +isolinux/initrd.img: Rebuilt. +kernels/*: Upgraded. +usb-and-pxe-installers/usbboot.img: Rebuilt. ++--------------------------+ Wed Oct 6 19:25:04 UTC 2021 a/hwdata-0.352-noarch-1.txz: Upgraded. ap/nano-5.9-x86_64-1.txz: Upgraded. |
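Review bot: The credits line of the new httpd-2.4.51 entry reads "Fernando MuA+-oz", which looks like a mis-encoded non-ASCII character; write the name in the file's encoding or transliterate it so the reporter credit is legible. In the same entry, "these aliased pathes" should read "these aliased paths". The SECURITY line also ends with "(cve.mitre.org)" while the full reference URL is given a few lines below under "For more information, see:", so the parenthetical can be dropped to keep the entry's first line to the CVE id and summary.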